Brandon A Brandon A - 20 days ago 5
iOS Question

iOS HTTPS SSL Certificates

Scenario I am working on an application that needs to make use of

https
for network communication. Currently our user credentials (username, password...) are being sent in plain text over our URL. (ex.
http://www.myserver.com/service?username=USERNAME&password=PASSWORD...
). This is not good for our client. I am new to using
https
and even newer to setting up an iOS app to use
https
. So I have a few questions:

assumption: I believe an iOS app must contain an SSL certificate to then be validated on the server side. Correct me if I'm wrong.

1) Where/How do I get a certificate?

2) How do I import the certificate into the application?

3) How do I validate the certificate with the one of server?

4) If the certificate is deemed invalid, how do I work around that?

And if there is anything I am missing or misunderstanding please correct me.

Answer

Your iOS app does not need to contain an SSL certificate. Instead, it is the server that needs an SSL certificate. On the iOS app side you only need to replace the http:// URL with an https:// URL. When your app makes the https connection to the server iOS's networking code will check the validity of the server's certificate, so you can be confident that you are communicating with the right server. Anything you send over the https connection will be protected from eavesdropping by encryption.

You can test whether the server has a certificate by entering its https:// URL into a web browser. If the browser displays a lock icon, the server has a valid certificate. You can click on the lock icon for more information about the server's certificate.

Comments